diff options
author | Max Wu | 2017-05-14 17:50:25 +0800 |
---|---|---|
committer | GitHub | 2017-05-14 17:50:25 +0800 |
commit | ea9b1557f9834b2b140bd9b07488b5fca3953791 (patch) | |
tree | 8e96eb37c1715f860a698d5e7eeb2381b00af9d8 /lib/web | |
parent | f85d1d880114b6787fdb2bac488341776deaad3d (diff) | |
parent | c37b6669158750ab2222e81a5a8fc3a5c8c353f5 (diff) |
Merge pull request #421 from hackmdio/BackendRefactor
Backend code refactoring - part 1
Diffstat (limited to '')
-rw-r--r-- | lib/web/auth/dropbox/index.js | 29 | ||||
-rw-r--r-- | lib/web/auth/email/index.js | 74 | ||||
-rw-r--r-- | lib/web/auth/facebook/index.js | 29 | ||||
-rw-r--r-- | lib/web/auth/github/index.js | 28 | ||||
-rw-r--r-- | lib/web/auth/gitlab/index.js | 36 | ||||
-rw-r--r-- | lib/web/auth/google/index.js | 27 | ||||
-rw-r--r-- | lib/web/auth/index.js | 48 | ||||
-rw-r--r-- | lib/web/auth/ldap/index.js | 74 | ||||
-rw-r--r-- | lib/web/auth/twitter/index.js | 29 | ||||
-rw-r--r-- | lib/web/auth/utils.js | 53 | ||||
-rw-r--r-- | lib/web/baseRouter.js | 22 | ||||
-rw-r--r-- | lib/web/historyRouter.js | 18 | ||||
-rw-r--r-- | lib/web/imageRouter.js | 95 | ||||
-rw-r--r-- | lib/web/middleware/checkURIValid.js | 14 | ||||
-rw-r--r-- | lib/web/middleware/redirectWithoutTrailingSlashes.js | 17 | ||||
-rw-r--r-- | lib/web/middleware/tooBusy.js | 13 | ||||
-rw-r--r-- | lib/web/noteRouter.js | 24 | ||||
-rw-r--r-- | lib/web/statusRouter.js | 92 | ||||
-rw-r--r-- | lib/web/userRouter.js | 36 | ||||
-rw-r--r-- | lib/web/utils.js | 9 |
20 files changed, 767 insertions, 0 deletions
diff --git a/lib/web/auth/dropbox/index.js b/lib/web/auth/dropbox/index.js new file mode 100644 index 00000000..c03fbc57 --- /dev/null +++ b/lib/web/auth/dropbox/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const DropboxStrategy = require('passport-dropbox-oauth2').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let dropboxAuth = module.exports = Router() + +passport.use(new DropboxStrategy({ + apiVersion: '2', + clientID: config.dropbox.clientID, + clientSecret: config.dropbox.clientSecret, + callbackURL: config.serverurl + '/auth/dropbox/callback' +}, passportGeneralCallback)) + +dropboxAuth.get('/auth/dropbox', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('dropbox-oauth2')(req, res, next) +}) + +// dropbox auth callback +dropboxAuth.get('/auth/dropbox/callback', + passport.authenticate('dropbox-oauth2', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js new file mode 100644 index 00000000..760075f8 --- /dev/null +++ b/lib/web/auth/email/index.js @@ -0,0 +1,74 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const validator = require('validator') +const LocalStrategy = require('passport-local').Strategy +const config = require('../../../config') +const models = require('../../../models') +const logger = require('../../../logger') +const {setReturnToFromReferer} = require('../utils') +const {urlencodedParser} = require('../../utils') +const response = require('../../../response') + +let emailAuth = module.exports = Router() + +passport.use(new LocalStrategy({ + usernameField: 'email' +}, function (email, password, done) { + if (!validator.isEmail(email)) return done(null, false) + models.User.findOne({ + where: { + email: email + } + }).then(function (user) { + if (!user) return done(null, false) + if (!user.verifyPassword(password)) return done(null, false) + return done(null, user) + }).catch(function (err) { + logger.error(err) + return done(err) + }) +})) + +if (config.allowemailregister) { + emailAuth.post('/register', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + models.User.findOrCreate({ + where: { + email: req.body.email + }, + defaults: { + password: req.body.password + } + }).spread(function (user, created) { + if (user) { + if (created) { + logger.debug('user registered: ' + user.id) + req.flash('info', "You've successfully registered, please signin.") + } else { + logger.debug('user found: ' + user.id) + req.flash('error', 'This email has been used, please try another one.') + } + return res.redirect(config.serverurl + '/') + } + req.flash('error', 'Failed to register your account, please try again.') + return res.redirect(config.serverurl + '/') + }).catch(function (err) { + logger.error('auth callback failed: ' + err) + return response.errorInternalError(res) + }) + }) +} + +emailAuth.post('/login', urlencodedParser, function (req, res, next) { + if (!req.body.email || !req.body.password) return response.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + setReturnToFromReferer(req) + passport.authenticate('local', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: 'Invalid email or password.' + })(req, res, next) +}) diff --git a/lib/web/auth/facebook/index.js b/lib/web/auth/facebook/index.js new file mode 100644 index 00000000..0e5474d8 --- /dev/null +++ b/lib/web/auth/facebook/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const FacebookStrategy = require('passport-facebook').Strategy + +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let facebookAuth = module.exports = Router() + +passport.use(new FacebookStrategy({ + clientID: config.facebook.clientID, + clientSecret: config.facebook.clientSecret, + callbackURL: config.serverurl + '/auth/facebook/callback' +}, passportGeneralCallback)) + +facebookAuth.get('/auth/facebook', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('facebook')(req, res, next) +}) + +// facebook auth callback +facebookAuth.get('/auth/facebook/callback', + passport.authenticate('facebook', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/github/index.js b/lib/web/auth/github/index.js new file mode 100644 index 00000000..2a26669c --- /dev/null +++ b/lib/web/auth/github/index.js @@ -0,0 +1,28 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const GithubStrategy = require('passport-github').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let githubAuth = module.exports = Router() + +passport.use(new GithubStrategy({ + clientID: config.github.clientID, + clientSecret: config.github.clientSecret, + callbackURL: config.serverurl + '/auth/github/callback' +}, passportGeneralCallback)) + +githubAuth.get('/auth/github', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('github')(req, res, next) +}) + +// github auth callback +githubAuth.get('/auth/github/callback', + passport.authenticate('github', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/gitlab/index.js b/lib/web/auth/gitlab/index.js new file mode 100644 index 00000000..51de1602 --- /dev/null +++ b/lib/web/auth/gitlab/index.js @@ -0,0 +1,36 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const GitlabStrategy = require('passport-gitlab2').Strategy +const config = require('../../../config') +const response = require('../../../response') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let gitlabAuth = module.exports = Router() + +passport.use(new GitlabStrategy({ + baseURL: config.gitlab.baseURL, + clientID: config.gitlab.clientID, + clientSecret: config.gitlab.clientSecret, + scope: config.gitlab.scope, + callbackURL: config.serverurl + '/auth/gitlab/callback' +}, passportGeneralCallback)) + +gitlabAuth.get('/auth/gitlab', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('gitlab')(req, res, next) +}) + +// gitlab auth callback +gitlabAuth.get('/auth/gitlab/callback', + passport.authenticate('gitlab', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) + +if (!config.gitlab.scope || config.gitlab.scope === 'api') { + // gitlab callback actions + gitlabAuth.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions) +} diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js new file mode 100644 index 00000000..bf2a260f --- /dev/null +++ b/lib/web/auth/google/index.js @@ -0,0 +1,27 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +var GoogleStrategy = require('passport-google-oauth20').Strategy +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let facebookAuth = module.exports = Router() + +passport.use(new GoogleStrategy({ + clientID: config.google.clientID, + clientSecret: config.google.clientSecret, + callbackURL: config.serverurl + '/auth/google/callback' +}, passportGeneralCallback)) + +facebookAuth.get('/auth/google', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('google', { scope: ['profile'] })(req, res, next) +}) + // google auth callback +facebookAuth.get('/auth/google/callback', + passport.authenticate('google', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js new file mode 100644 index 00000000..b5ca8434 --- /dev/null +++ b/lib/web/auth/index.js @@ -0,0 +1,48 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') + +const config = require('../../config') +const logger = require('../../logger') +const models = require('../../models') + +const authRouter = module.exports = Router() + +// serialize and deserialize +passport.serializeUser(function (user, done) { + logger.info('serializeUser: ' + user.id) + return done(null, user.id) +}) + +passport.deserializeUser(function (id, done) { + models.User.findOne({ + where: { + id: id + } + }).then(function (user) { + logger.info('deserializeUser: ' + user.id) + return done(null, user) + }).catch(function (err) { + logger.error(err) + return done(err, null) + }) +}) + +if (config.isFacebookEnable) authRouter.use(require('./facebook')) +if (config.isTwitterEnable) authRouter.use(require('./twitter')) +if (config.isGitHubEnable) authRouter.use(require('./github')) +if (config.isGitLabEnable) authRouter.use(require('./gitlab')) +if (config.isDropboxEnable) authRouter.use(require('./dropbox')) +if (config.isGoogleEnable) authRouter.use(require('./google')) +if (config.isLDAPEnable) authRouter.use(require('./ldap')) +if (config.isEmailEnable) authRouter.use(require('./email')) + +// logout +authRouter.get('/logout', function (req, res) { + if (config.debug && req.isAuthenticated()) { + logger.debug('user logout: ' + req.user.id) + } + req.logout() + res.redirect(config.serverurl + '/') +}) diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js new file mode 100644 index 00000000..766c5cbc --- /dev/null +++ b/lib/web/auth/ldap/index.js @@ -0,0 +1,74 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const LDAPStrategy = require('passport-ldapauth') +const config = require('../../../config') +const models = require('../../../models') +const logger = require('../../../logger') +const {setReturnToFromReferer} = require('../utils') +const {urlencodedParser} = require('../../utils') +const response = require('../../../response') + +let ldapAuth = module.exports = Router() + +passport.use(new LDAPStrategy({ + server: { + url: config.ldap.url || null, + bindDn: config.ldap.bindDn || null, + bindCredentials: config.ldap.bindCredentials || null, + searchBase: config.ldap.searchBase || null, + searchFilter: config.ldap.searchFilter || null, + searchAttributes: config.ldap.searchAttributes || null, + tlsOptions: config.ldap.tlsOptions || null + } +}, function (user, done) { + var profile = { + id: 'LDAP-' + user.uidNumber, + username: user.uid, + displayName: user.displayName, + emails: user.mail ? [user.mail] : [], + avatarUrl: null, + profileUrl: null, + provider: 'ldap' + } + var stringifiedProfile = JSON.stringify(profile) + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile + } + }).spread(function (user, created) { + if (user) { + var needSave = false + if (user.profile !== stringifiedProfile) { + user.profile = stringifiedProfile + needSave = true + } + if (needSave) { + user.save().then(function () { + if (config.debug) { logger.debug('user login: ' + user.id) } + return done(null, user) + }) + } else { + if (config.debug) { logger.debug('user login: ' + user.id) } + return done(null, user) + } + } + }).catch(function (err) { + logger.error('ldap auth failed: ' + err) + return done(err, null) + }) +})) + +ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) { + if (!req.body.username || !req.body.password) return response.errorBadRequest(res) + setReturnToFromReferer(req) + passport.authenticate('ldapauth', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/', + failureFlash: true + })(req, res, next) +}) diff --git a/lib/web/auth/twitter/index.js b/lib/web/auth/twitter/index.js new file mode 100644 index 00000000..5429522d --- /dev/null +++ b/lib/web/auth/twitter/index.js @@ -0,0 +1,29 @@ +'use strict' + +const Router = require('express').Router +const passport = require('passport') +const TwitterStrategy = require('passport-twitter').Strategy + +const config = require('../../../config') +const {setReturnToFromReferer, passportGeneralCallback} = require('../utils') + +let twitterAuth = module.exports = Router() + +passport.use(new TwitterStrategy({ + consumerKey: config.twitter.consumerKey, + consumerSecret: config.twitter.consumerSecret, + callbackURL: config.serverurl + '/auth/twitter/callback' +}, passportGeneralCallback)) + +twitterAuth.get('/auth/twitter', function (req, res, next) { + setReturnToFromReferer(req) + passport.authenticate('twitter')(req, res, next) +}) + +// twitter auth callback +twitterAuth.get('/auth/twitter/callback', + passport.authenticate('twitter', { + successReturnToOrRedirect: config.serverurl + '/', + failureRedirect: config.serverurl + '/' + }) +) diff --git a/lib/web/auth/utils.js b/lib/web/auth/utils.js new file mode 100644 index 00000000..ff7a1237 --- /dev/null +++ b/lib/web/auth/utils.js @@ -0,0 +1,53 @@ +'use strict' + +const models = require('../../models') +const config = require('../../config') +const logger = require('../../logger') + +exports.setReturnToFromReferer = function setReturnToFromReferer (req) { + var referer = req.get('referer') + if (!req.session) req.session = {} + req.session.returnTo = referer +} + +exports.passportGeneralCallback = function callback (accessToken, refreshToken, profile, done) { + var stringifiedProfile = JSON.stringify(profile) + models.User.findOrCreate({ + where: { + profileid: profile.id.toString() + }, + defaults: { + profile: stringifiedProfile, + accessToken: accessToken, + refreshToken: refreshToken + } + }).spread(function (user, created) { + if (user) { + var needSave = false + if (user.profile !== stringifiedProfile) { + user.profile = stringifiedProfile + needSave = true + } + if (user.accessToken !== accessToken) { + user.accessToken = accessToken + needSave = true + } + if (user.refreshToken !== refreshToken) { + user.refreshToken = refreshToken + needSave = true + } + if (needSave) { + user.save().then(function () { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + }) + } else { + if (config.debug) { logger.info('user login: ' + user.id) } + return done(null, user) + } + } + }).catch(function (err) { + logger.error('auth callback failed: ' + err) + return done(err, null) + }) +} diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js new file mode 100644 index 00000000..b918ce75 --- /dev/null +++ b/lib/web/baseRouter.js @@ -0,0 +1,22 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') + +const baseRouter = module.exports = Router() + +// get index +baseRouter.get('/', response.showIndex) +// get 403 forbidden +baseRouter.get('/403', function (req, res) { + response.errorForbidden(res) +}) +// get 404 not found +baseRouter.get('/404', function (req, res) { + response.errorNotFound(res) +}) +// get 500 internal error +baseRouter.get('/500', function (req, res) { + response.errorInternalError(res) +}) diff --git a/lib/web/historyRouter.js b/lib/web/historyRouter.js new file mode 100644 index 00000000..1b22c232 --- /dev/null +++ b/lib/web/historyRouter.js @@ -0,0 +1,18 @@ +'use strict' + +const Router = require('express').Router + +const {urlencodedParser} = require('./utils') +const history = require('../history') +const historyRouter = module.exports = Router() + +// get history +historyRouter.get('/history', history.historyGet) +// post history +historyRouter.post('/history', urlencodedParser, history.historyPost) +// post history by note id +historyRouter.post('/history/:noteId', urlencodedParser, history.historyPost) +// delete history +historyRouter.delete('/history', history.historyDelete) +// delete history by note id +historyRouter.delete('/history/:noteId', history.historyDelete) diff --git a/lib/web/imageRouter.js b/lib/web/imageRouter.js new file mode 100644 index 00000000..592a497c --- /dev/null +++ b/lib/web/imageRouter.js @@ -0,0 +1,95 @@ +'use strict' +var fs = require('fs') +var url = require('url') +var path = require('path') + +const Router = require('express').Router +const formidable = require('formidable') +var imgur = require('imgur') + +const config = require('../config') +const logger = require('../logger') +const response = require('../response') + +const imageRouter = module.exports = Router() + +// upload image +imageRouter.post('/uploadimage', function (req, res) { + var form = new formidable.IncomingForm() + + form.keepExtensions = true + + if (config.imageUploadType === 'filesystem') { + form.uploadDir = 'public/uploads' + } + + form.parse(req, function (err, fields, files) { + if (err || !files.image || !files.image.path) { + response.errorForbidden(res) + } else { + if (config.debug) { logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image)) } + + try { + switch (config.imageUploadType) { + case 'filesystem': + res.send({ + link: url.resolve(config.serverurl + '/', files.image.path.match(/^public\/(.+$)/)[1]) + }) + + break + + case 's3': + var AWS = require('aws-sdk') + var awsConfig = new AWS.Config(config.s3) + var s3 = new AWS.S3(awsConfig) + const {getImageMimeType} = require('../utils') + fs.readFile(files.image.path, function (err, buffer) { + if (err) { + logger.error(err) + res.status(500).end('upload image error') + return + } + var params = { + Bucket: config.s3bucket, + Key: path.join('uploads', path.basename(files.image.path)), + Body: buffer + } + + var mimeType = getImageMimeType(files.image.path) + if (mimeType) { params.ContentType = mimeType } + + s3.putObject(params, function (err, data) { + if (err) { + logger.error(err) + res.status(500).end('upload image error') + return + } + res.send({ + link: `https://s3-${config.s3.region}.amazonaws.com/${config.s3bucket}/${params.Key}` + }) + }) + }) + break + case 'imgur': + default: + imgur.setClientId(config.imgur.clientID) + imgur.uploadFile(files.image.path) + .then(function (json) { + if (config.debug) { logger.info('SERVER uploadimage success: ' + JSON.stringify(json)) } + res.send({ + link: json.data.link.replace(/^http:\/\//i, 'https://') + }) + }) + .catch(function (err) { + logger.error(err) + return res.status(500).end('upload image error') + }) + break + } + } catch (err) { + logger.error(err) + return res.status(500).end('upload image error') + } + } + }) +}) diff --git a/lib/web/middleware/checkURIValid.js b/lib/web/middleware/checkURIValid.js new file mode 100644 index 00000000..88065e79 --- /dev/null +++ b/lib/web/middleware/checkURIValid.js @@ -0,0 +1,14 @@ +'use strict' + +const logger = require('../../logger') +const response = require('../../response') + +module.exports = function (req, res, next) { + try { + decodeURIComponent(req.path) + } catch (err) { + logger.error(err) + return response.errorBadRequest(res) + } + next() +} diff --git a/lib/web/middleware/redirectWithoutTrailingSlashes.js b/lib/web/middleware/redirectWithoutTrailingSlashes.js new file mode 100644 index 00000000..fbaba617 --- /dev/null +++ b/lib/web/middleware/redirectWithoutTrailingSlashes.js @@ -0,0 +1,17 @@ +'use strict' + +const config = require('../../config') + +module.exports = function (req, res, next) { + if (req.method === 'GET' && req.path.substr(-1) === '/' && req.path.length > 1) { + const queryString = req.url.slice(req.path.length) + const urlPath = req.path.slice(0, -1) + let serverURL = config.serverurl + if (config.urlpath) { + serverURL = serverURL.slice(0, -(config.urlpath.length + 1)) + } + res.redirect(301, serverURL + urlPath + queryString) + } else { + next() + } +} diff --git a/lib/web/middleware/tooBusy.js b/lib/web/middleware/tooBusy.js new file mode 100644 index 00000000..f1b72330 --- /dev/null +++ b/lib/web/middleware/tooBusy.js @@ -0,0 +1,13 @@ +'use strict' + +const toobusy = require('toobusy-js') + +const response = require('../../response') + +module.exports = function (req, res, next) { + if (toobusy()) { + response.errorServiceUnavailable(res) + } else { + next() + } +} diff --git a/lib/web/noteRouter.js b/lib/web/noteRouter.js new file mode 100644 index 00000000..007c02c2 --- /dev/null +++ b/lib/web/noteRouter.js @@ -0,0 +1,24 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') + +const noteRouter = module.exports = Router() + +// get new note +noteRouter.get('/new', response.newNote) +// get publish note +noteRouter.get('/s/:shortid', response.showPublishNote) +// publish note actions +noteRouter.get('/s/:shortid/:action', response.publishNoteActions) +// get publish slide +noteRouter.get('/p/:shortid', response.showPublishSlide) +// publish slide actions +noteRouter.get('/p/:shortid/:action', response.publishSlideActions) +// get note by id +noteRouter.get('/:noteId', response.showNote) +// note actions +noteRouter.get('/:noteId/:action', response.noteActions) +// note actions with action id +noteRouter.get('/:noteId/:action/:actionId', response.noteActions) diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js new file mode 100644 index 00000000..aa3a9b79 --- /dev/null +++ b/lib/web/statusRouter.js @@ -0,0 +1,92 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') +const realtime = require('../realtime') +const config = require('../config') +const models = require('../models') +const logger = require('../logger') + +const {urlencodedParser} = require('./utils') + +const statusRouter = module.exports = Router() + +// get status +statusRouter.get('/status', function (req, res, next) { + realtime.getStatus(function (data) { + res.set({ + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow', // prevent crawling + 'HackMD-Version': config.version + }) + res.send(data) + }) +}) +// get status +statusRouter.get('/temp', function (req, res) { + var host = req.get('host') + if (config.alloworigin.indexOf(host) === -1) { + response.errorForbidden(res) + } else { + var tempid = req.query.tempid + if (!tempid) { + response.errorForbidden(res) + } else { + models.Temp.findOne({ + where: { + id: tempid + } + }).then(function (temp) { + if (!temp) { + response.errorNotFound(res) + } else { + res.header('Access-Control-Allow-Origin', '*') + res.send({ + temp: temp.data + }) + temp.destroy().catch(function (err) { + if (err) { + logger.error('remove temp failed: ' + err) + } + }) + } + }).catch(function (err) { + logger.error(err) + return response.errorInternalError(res) + }) + } + } +}) +// post status +statusRouter.post('/temp', urlencodedParser, function (req, res) { + var host = req.get('host') + if (config.alloworigin.indexOf(host) === -1) { + response.errorForbidden(res) + } else { + var data = req.body.data + if (!data) { + response.errorForbidden(res) + } else { + if (config.debug) { + logger.info('SERVER received temp from [' + host + ']: ' + req.body.data) + } + models.Temp.create({ + data: data + }).then(function (temp) { + if (temp) { + res.header('Access-Control-Allow-Origin', '*') + res.send({ + status: 'ok', + id: temp.id + }) + } else { + response.errorInternalError(res) + } + }).catch(function (err) { + logger.error(err) + return response.errorInternalError(res) + }) + } + } +}) diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js new file mode 100644 index 00000000..ecfbaf8b --- /dev/null +++ b/lib/web/userRouter.js @@ -0,0 +1,36 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../response') +const models = require('../models') +const logger = require('../logger') + +const UserRouter = module.exports = Router() + +// get me info +UserRouter.get('/me', function (req, res) { + if (req.isAuthenticated()) { + models.User.findOne({ + where: { + id: req.user.id + } + }).then(function (user) { + if (!user) { return response.errorNotFound(res) } + var profile = models.User.getProfile(user) + res.send({ + status: 'ok', + id: req.user.id, + name: profile.name, + photo: profile.photo + }) + }).catch(function (err) { + logger.error('read me failed: ' + err) + return response.errorInternalError(res) + }) + } else { + res.send({ + status: 'forbidden' + }) + } +}) diff --git a/lib/web/utils.js b/lib/web/utils.js new file mode 100644 index 00000000..c9016523 --- /dev/null +++ b/lib/web/utils.js @@ -0,0 +1,9 @@ +'use strict' + +const bodyParser = require('body-parser') + +// create application/x-www-form-urlencoded parser +exports.urlencodedParser = bodyParser.urlencoded({ + extended: false, + limit: 1024 * 1024 * 10 // 10 mb +}) |